Skip to content

Compatibility with newest Python, Terraform versions + new features #103

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Ianyliu wants to merge 166 commits into
base: master
Choose a base branch
from
Open

Compatibility with newest Python, Terraform versions + new features #103

Ianyliu wants to merge 166 commits into from

Conversation

@Ianyliu
Copy link

@Ianyliu Ianyliu commented Aug 16, 2022
edited
Loading

I've been working on the improvements of this tool as a Cisco Technical Intern this summer.

Here are some of the major changes I've made:

  • Add compatibility with recent versions of Terraform, Python, and Python packages
  • Allow Blast Radius to run independent of any Terraform file/folder/installation. Just simply provide a DOT script (file upload/text input)
  • New functionality (on app)
    • Tabs. This enables infrastructure comparison from different Terraform plans from different people.
    • Print graph. Allows users to print graph directly. (TODO: Doesn't work all the time)
    • Upload DOT files to generate graphs. Upload .txt files with DOT script (copy and past terraform graph output into a text file.
    • Text input for DOT script.
  • UI enhancements. Updated color scheme to more closely follow the 60-30-10 rule.
  • Added an example for running Blast Radius on AWS EC2 via Terraform
  • Added an example for running Blast Radius on Kubernetes
  • Added 3 example DOT files in examples/ folder to test out the newest features I've added
  • Better error handling to notify user of the problem
  • Create new Docker repo
  • Updated Dockerfile and Docker image to implement aforementioned functionality and features.
  • Update Docker image to include multi-cpu architecture (ARM, AMD, etc.)
  • Updated README.md to include more information
  • Other changes: I've spend quite some time looking across different forks and pull requests from others like gruberdev, AshleyHollis, etc. to merge changes (haven't finished). Some them include, switching to pyhcl2, adding Terratests to Dockerfile, PowerShell scripts that run Blast Radius on Docker, allowing Blast Radius to run even if JSON data couldn't be parsed, etc.

You can test out my Docker image at https://hub.docker.com/repository/docker/ianyliu/blast-radius-fork/

Ianyliu and others added 30 commits August 8, 2022 17:40
@Ianyliu
Commit all previous changes from previous repository
30da508 
In my previous repo, I accidentally committed the API_KEY and access key. I decided to delete the repository and start anew.
@Ianyliu
Update comments and variables in blast-radius-aws.tf
10bdad3
@Ianyliu
Allow Blast Radius to handle remote Terraform modules
40bfb03 
According to Terraform, "A module is a container for multiple resources that are used together.... The .tf files in your working directory when you run terraform plan or terraform apply together form the root module. "

Since Terraform must be init-ed before using, it can be assumed that the remote modules have been downloaded to .terraform/modules. If the filepath joined by Terraform.directory and "source" variable does not exist, we look for remote modules instead.
@Ianyliu
Improve Error Handling & Allow Blast Radius Viewer to be Accessed Eve…
84ed47a 
…n If JSON Data Loading Failed

If the JSON data could not be parsed, then error messages will notify the user instead of silently failing.

In addition, if there was an error loading JSON data, the viewer can still be accessed. (The graph will still be there but the JSON data and some of the mouse events + colorization will be absent.
@Ianyliu
Remove console.logs
903bbdb
@Ianyliu
Add an alert to navbar on server failure
724c33f 
This commit was retrieved from Jrc356 at 28mm@74ba708
@Ianyliu
Include package data when setup.py is run during installation processes
304ff63 
Commit from Jrc356 at 28mm@706a377
@Ianyliu
Add JS variables and documentation
ce4ac67
@Ianyliu
Update requirements.txt
6e16c57 
Based on changes by obourdon at 28mm@3c27bda
@Ianyliu
Update Dockerfile to update packages in container
948dac8
@Ianyliu
Simplify code
8176bd0
@Ianyliu
Add Terratests to Dockerfile
028ee36 
Terratests are a way to automate testing for your infrastructure code. See https://terratest.gruntwork.io/ for more information.

This is an original commit by gruberdev
28mm@353045a
@Ianyliu
Provide doc fix support
0d3631b 
Merges commmit by gruberdev at 28mm@246eb35
@Ianyliu
Ignore .vscode configuration folders
cba20cd
@Ianyliu
Update documentation for hcl2 instead of pyhcl
4308ac6
@Ianyliu
Add compatibility with collections library regardless of Python version
b0bad3a 
According to Python3 documentation for collections module (https://docs.python.org/3.7/library/collections.html):
"Changed in version 3.3: Moved Collections Abstract Base Classes to the collections.abc module. For backwards compatibility, they continue to be visible in this module through Python 3.7. Subsequently, they will be removed entirely."
@dependabot
Bump jinja2 from 2.10.1 to 2.11.3
f458970 
Bumps [jinja2](https://github.com/pallets/jinja) from 2.10.1 to 2.11.3.
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](pallets/jinja@2.10.1...2.11.3)

---
updated-dependencies:
- dependency-name: jinja2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@Ianyliu
Create codeql-analysis.yml
a208749
@Ianyliu
Merge pull request #1 from Ianyliu/dependabot/pip/jinja2-2.11.3
6b2b3dc 
Bump jinja2 from 2.10.1 to 2.11.3
@Ianyliu
Updated README.md
8b20178
@Ianyliu
Allow print function to be used in even in Python 2
ddbed77
@Ianyliu
Add Docker Build and Run PowerShell Scripts
933492d 
Merged commit from AshleyHollis at

nishubharti@2bd233d
@Ianyliu
Updated index.html
de86130
@Ianyliu
Update Docker Run PowerShell Script
b326b4e
@Ianyliu
Update Docker Build PowerShell Command to Use BuildX
4f4bfa9 
BuildX is a Docker service that allows users to build Docker images for multi-cpu architectures (ARM, AMD64, etc.).
@Ianyliu
Allow Users to Run Docker Container using BASH Script
c87c952 
The purpose of adding a BASH script for running the Docker containers is to
1. Reduce complexity to run Docker containers (lots of flags and parameters omitted)
2. Allow users to add alias(es) so they can run Blast Radius as if there were no container (```blast-radius --serve```)
@Ianyliu
Update PowerShell Script to Avoid Build Error
41f1702 
Moving the PowerShell Script to the PowerShell folder means the Dockerfile is no longer in the same relative location, so I updated it to refer back to the parent directory.
@Ianyliu
Remove comments
38b3a70
@Ianyliu
Fix Flask Installation Error
01c83fa
@Ianyliu
Resolve pip Installation Error
c473926 
The conflict was caused by:
blastradius 0.1.25 depends on Jinja2==2.11.3
flask 2.1.2 depends on Jinja2>=3.0
dependabot bot and others added 13 commits July 15, 2024 17:26
@dependabot
Bump setuptools from 65.5.1 to 70.0.0
f8af9dc 
Bumps [setuptools](https://github.com/pypa/setuptools) from 65.5.1 to 70.0.0.
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst)
- [Commits](pypa/setuptools@v65.5.1...v70.0.0)

---
updated-dependencies:
- dependency-name: setuptools
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@Ianyliu
Bump setuptools from 65.5.1 to 70.0.0 (#49)
e47caed 
Bumps [setuptools](https://github.com/pypa/setuptools) from 65.5.1 to
70.0.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/setuptools/blob/main/NEWS.rst">setuptools's
changelog</a>.</em></p>
<blockquote>
<h1>v70.0.0</h1>
<h2>Features</h2>
<ul>
<li>Emit a warning when <code>[tools.setuptools]</code> is present in
<code>pyproject.toml</code> and will be ignored. -- by
:user:<code>SnoopJ</code> (<a
href="https://redirect.github.com/pypa/setuptools/issues/4150">#4150</a>)</li>
<li>Improved <code>AttributeError</code> error message if
<code>pkg_resources.EntryPoint.require</code> is called without extras
or distribution
Gracefully &quot;do nothing&quot; when trying to activate a
<code>pkg_resources.Distribution</code> with a <code>None</code>
location, rather than raising a <code>TypeError</code>
-- by :user:<code>Avasam</code> (<a
href="https://redirect.github.com/pypa/setuptools/issues/4262">#4262</a>)</li>
<li>Typed the dynamically defined variables from
<code>pkg_resources</code> -- by :user:<code>Avasam</code> (<a
href="https://redirect.github.com/pypa/setuptools/issues/4267">#4267</a>)</li>
<li>Modernized and refactored VCS handling in package_index. (<a
href="https://redirect.github.com/pypa/setuptools/issues/4332">#4332</a>)</li>
</ul>
<h2>Bugfixes</h2>
<ul>
<li>In install command, use super to call the superclass methods. Avoids
race conditions when monkeypatching from _distutils_system_mod occurs
late. (<a
href="https://redirect.github.com/pypa/setuptools/issues/4136">#4136</a>)</li>
<li>Fix finder template for lenient editable installs of implicit nested
namespaces
constructed by using <code>package_dir</code> to reorganise directory
structure. (<a
href="https://redirect.github.com/pypa/setuptools/issues/4278">#4278</a>)</li>
<li>Fix an error with <code>UnicodeDecodeError</code> handling in
<code>pkg_resources</code> when trying to read files in UTF-8 with a
fallback -- by :user:<code>Avasam</code> (<a
href="https://redirect.github.com/pypa/setuptools/issues/4348">#4348</a>)</li>
</ul>
<h2>Improved Documentation</h2>
<ul>
<li>Uses RST substitution to put badges in 1 line. (<a
href="https://redirect.github.com/pypa/setuptools/issues/4312">#4312</a>)</li>
</ul>
<h2>Deprecations and Removals</h2>
<ul>
<li>
<p>Further adoption of UTF-8 in <code>setuptools</code>.
This change regards mostly files produced and consumed during the build
process
(e.g. metadata files, script wrappers, automatically updated config
files, etc..)
Although precautions were taken to minimize disruptions, some edge cases
might
be subject to backwards incompatibility.</p>
<p>Support for <code>&quot;locale&quot;</code> encoding is now
<strong>deprecated</strong>. (<a
href="https://redirect.github.com/pypa/setuptools/issues/4309">#4309</a>)</p>
</li>
<li>
<p>Remove <code>setuptools.convert_path</code> after long deprecation
period.
This function was never defined by <code>setuptools</code> itself, but
rather a
side-effect of an import for internal usage. (<a
href="https://redirect.github.com/pypa/setuptools/issues/4322">#4322</a>)</p>
</li>
<li>
<p>Remove fallback for customisations of <code>distutils</code>'
<code>build.sub_command</code> after long
deprecated period.
Users are advised to import <code>build</code> directly from
<code>setuptools.command.build</code>. (<a
href="https://redirect.github.com/pypa/setuptools/issues/4322">#4322</a>)</p>
</li>
<li>
<p>Removed <code>typing_extensions</code> from vendored dependencies --
by :user:<code>Avasam</code> (<a
href="https://redirect.github.com/pypa/setuptools/issues/4324">#4324</a>)</p>
</li>
<li>
<p>Remove deprecated <code>setuptools.dep_util</code>.
The provided alternative is <code>setuptools.modified</code>. (<a
href="https://redirect.github.com/pypa/setuptools/issues/4360">#4360</a>)</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/setuptools/commit/5cbf12a9b63fd37985a4525617b46576b8ac3a7b"><code>5cbf12a</code></a>
Workaround for release error in v70</li>
<li><a
href="https://github.com/pypa/setuptools/commit/9c1bcc3417bd12668123f7e731e241d9e57bfc57"><code>9c1bcc3</code></a>
Bump version: 69.5.1 → 70.0.0</li>
<li><a
href="https://github.com/pypa/setuptools/commit/4dc0c31644b458ac43ce6148f6a9dc729a7e78b5"><code>4dc0c31</code></a>
Remove deprecated <code>setuptools.dep_util</code> (<a
href="https://redirect.github.com/pypa/setuptools/issues/4360">#4360</a>)</li>
<li><a
href="https://github.com/pypa/setuptools/commit/6c1ef5748dbd70c8c5423e12680345766ee101d9"><code>6c1ef57</code></a>
Remove xfail now that test passes. Ref <a
href="https://redirect.github.com/pypa/setuptools/issues/4371">#4371</a>.</li>
<li><a
href="https://github.com/pypa/setuptools/commit/d14fa0162c95450898c11534caf26a0f03553176"><code>d14fa01</code></a>
Add all site-packages dirs when creating simulated environment for
test_edita...</li>
<li><a
href="https://github.com/pypa/setuptools/commit/6b7f7a18afc90007544092c446dc0cd856d86b17"><code>6b7f7a1</code></a>
Prevent <code>bin</code> folders to be taken as extern packages when
vendoring (<a
href="https://redirect.github.com/pypa/setuptools/issues/4370">#4370</a>)</li>
<li><a
href="https://github.com/pypa/setuptools/commit/69141f69f8bf38da34cbea552d6fdaa9c8619c53"><code>69141f6</code></a>
Add doctest for vendorised bin folder</li>
<li><a
href="https://github.com/pypa/setuptools/commit/2a53cc1200ec4b14e08e84be3c042f8983dfb7d7"><code>2a53cc1</code></a>
Prevent 'bin' folders to be taken as extern packages</li>
<li><a
href="https://github.com/pypa/setuptools/commit/720862807dea012f3a0e7061880691025f736f11"><code>7208628</code></a>
Replace call to deprecated <code>validate_pyproject</code> command (<a
href="https://redirect.github.com/pypa/setuptools/issues/4363">#4363</a>)</li>
<li><a
href="https://github.com/pypa/setuptools/commit/96d681aa405460f724c62c00ca125ae722ad810a"><code>96d681a</code></a>
Remove call to deprecated validate_pyproject command</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/setuptools/compare/v65.5.1...v70.0.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=setuptools&package-manager=pip&previous-version=65.5.1&new-version=70.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/Ianyliu/blast-radius-fork/network/alerts).

</details>
@Ianyliu
Add star history pic to README.md
7e7ed33
@Ianyliu
Star History Dark Theme Support
8d6da2e
@Ianyliu
Update README.md
7d031b3
@Ianyliu
Add star history pic to README.md (#50)
61374b9
@Ianyliu
fix entrypoint script (#53)
47f0d72
@Ianyliu
Bug Fix
56fd19c
@Ianyliu
Bug fix (Terraform initialized in an empty directory) (#54)
eccaef9
@Ianyliu
Update README.md Title
7455703
@Ianyliu
Update README.md Title (#55)
aa6408a
@Ianyliu
Add print message
75ae6be
@Ianyliu
Add print message (#56)
1e9561e
@Ianyliu
Copy link
Author

Ianyliu commented Aug 14, 2024

@rquadling Could you please try again with my latest image from Docker? I've never seen this issue before so I'm not sure if I can fix it.

@rquadling
Copy link

rquadling commented Aug 28, 2024

@Ianyliu Thank you for this. Will try it out tomorrow (UK time).

Ianyliu and others added 10 commits October 4, 2024 19:32
@Ianyliu
Update README.md
bdd14d9
@Ianyliu
Update README.md (#58)
3e0ade2
@Ianyliu
Update README.md
e1917ad
@Ianyliu
Update README.md (#59)
9f271b0
@mediowen
Allow for host to be configured (default is 0.0.0.0, which may be und…
8d42879 
…esirable)
@mediowen
type=str oops
6194a82
@mediowen
Update readme
5c6b000
@Ianyliu
Make bound host configurable (#60)
9092f19 
Was about to run this in a coffee shop and realised it's binding to all
addresses by default :P

Not sure if worthwhile just making the default 127.0.0.1 as well, so
binding further is an explicit move. Happy to adjust, I think that'd
make sense to me as well but would be a breaking change
@Ianyliu
Update requirements.txt
fe010e0
@Ianyliu
Update requirements.txt (#62)
f610430
@rquadling
Copy link

rquadling commented Mar 7, 2025

Really sorry for the delay in replying. Just retried running ...

$ docker run --rm -it -p 5000:5000 -v $(pwd):/data:ro --security-opt apparmor:unconfined --cap-add=SYS_ADMIN  ianyliu/blast-radius-fork

- ecr_repos in modules/ecr_repo
╷
│ Error: Error accessing remote module registry
│ 
│ Failed to retrieve available versions for module "grouped_ecr_repos" (grouped-ecr.tf:45) from app.terraform.io: error looking up module versions: 401 Unauthorized.
╵

╷
│ Error: Error accessing remote module registry
│ 
│ Failed to retrieve available versions for module "tailscale_connection" (tailscale.tf:8) from app.terraform.io: error looking up module versions: 401 Unauthorized.
╵

╷
│ Error: Error accessing remote module registry
│ 
│ Failed to retrieve available versions for module "tailscale_zone_association" (tailscale.tf:23) from app.terraform.io: error looking up module versions: 401 Unauthorized.
╵

╷
│ Error: Error accessing remote module registry
│ 
│ Failed to retrieve available versions for module "grouped_ecr_repos" (grouped-ecr.tf:45) from app.terraform.io: error looking up module versions: 401 Unauthorized.
╵

╷
│ Error: Error accessing remote module registry
│ 
│ Failed to retrieve available versions for module "grouped_ecr_repos" (grouped-ecr.tf:45) from app.terraform.io: error looking up module versions: 401 Unauthorized.
╵

╷
│ Error: Error accessing remote module registry
│ 
│ Failed to retrieve available versions for module "tailscale_connection" (tailscale.tf:8) from app.terraform.io: error looking up module versions: 401 Unauthorized.
╵

╷
│ Error: Error accessing remote module registry
│ 
│ Failed to retrieve available versions for module "grouped_ecr_repos" (grouped-ecr.tf:45) from app.terraform.io: error looking up module versions: 401 Unauthorized.
╵

╷
│ Error: Error accessing remote module registry
│ 
│ Failed to retrieve available versions for module "tailscale_connection" (tailscale.tf:8) from app.terraform.io: error looking up module versions: 401 Unauthorized.
╵

╷
│ Error: Error accessing remote module registry
│ 
│ Failed to retrieve available versions for module "tailscale_zone_association" (tailscale.tf:23) from app.terraform.io: error looking up module versions: 401 Unauthorized.
╵

The terraform plan has all worked.

I'm running this on a MacBook Pro M1 chipset.

dependabot bot and others added 4 commits May 19, 2025 20:20
@dependabot
Bump setuptools from 70.0.0 to 78.1.1
f4f9e51 
Bumps [setuptools](https://github.com/pypa/setuptools) from 70.0.0 to 78.1.1.
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst)
- [Commits](pypa/setuptools@v70.0.0...v78.1.1)

---
updated-dependencies:
- dependency-name: setuptools
  dependency-version: 78.1.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@Ianyliu
Bump setuptools from 70.0.0 to 78.1.1 (#63)
b80bee5 
Bumps [setuptools](https://github.com/pypa/setuptools) from 70.0.0 to
78.1.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pypa/setuptools/blob/main/NEWS.rst">setuptools's
changelog</a>.</em></p>
<blockquote>
<h1>v78.1.1</h1>
<h2>Bugfixes</h2>
<ul>
<li>More fully sanitized the filename in PackageIndex._download. (<a
href="https://redirect.github.com/pypa/setuptools/issues/4946">#4946</a>)</li>
</ul>
<h1>v78.1.0</h1>
<h2>Features</h2>
<ul>
<li>Restore access to _get_vc_env with a warning. (<a
href="https://redirect.github.com/pypa/setuptools/issues/4874">#4874</a>)</li>
</ul>
<h1>v78.0.2</h1>
<h2>Bugfixes</h2>
<ul>
<li>Postponed removals of deprecated dash-separated and uppercase fields
in <code>setup.cfg</code>.
All packages with deprecated configurations are advised to move before
2026. (<a
href="https://redirect.github.com/pypa/setuptools/issues/4911">#4911</a>)</li>
</ul>
<h1>v78.0.1</h1>
<h2>Misc</h2>
<ul>
<li><a
href="https://redirect.github.com/pypa/setuptools/issues/4909">#4909</a></li>
</ul>
<h1>v78.0.0</h1>
<h2>Bugfixes</h2>
<ul>
<li>Reverted distutils changes that broke the monkey patching of command
classes. (<a
href="https://redirect.github.com/pypa/setuptools/issues/4902">#4902</a>)</li>
</ul>
<h2>Deprecations and Removals</h2>
<ul>
<li>Setuptools no longer accepts options containing uppercase or dash
characters in <code>setup.cfg</code>.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pypa/setuptools/commit/8e4868a036b7fae3208d16cb4e5fe6d63c3752df"><code>8e4868a</code></a>
Bump version: 78.1.0 → 78.1.1</li>
<li><a
href="https://github.com/pypa/setuptools/commit/100e9a61ad24d5a147ada57357425a8d40626d09"><code>100e9a6</code></a>
Merge pull request <a
href="https://redirect.github.com/pypa/setuptools/issues/4951">#4951</a></li>
<li><a
href="https://github.com/pypa/setuptools/commit/8faf1d7e0ca309983252e4f21837b73ee12e960f"><code>8faf1d7</code></a>
Add news fragment.</li>
<li><a
href="https://github.com/pypa/setuptools/commit/2ca4a9fe4758fcd39d771d3d3a5b4840aacebdf7"><code>2ca4a9f</code></a>
Rely on re.sub to perform the decision in one expression.</li>
<li><a
href="https://github.com/pypa/setuptools/commit/e409e8002932f2b86aae7b1abc8f8c2ebf96df2c"><code>e409e80</code></a>
Extract _sanitize method for sanitizing the filename.</li>
<li><a
href="https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b"><code>250a6d1</code></a>
Add a check to ensure the name resolves relative to the tmpdir.</li>
<li><a
href="https://github.com/pypa/setuptools/commit/d8390feaa99091d1ba9626bec0e4ba7072fc507a"><code>d8390fe</code></a>
Extract _resolve_download_filename with test.</li>
<li><a
href="https://github.com/pypa/setuptools/commit/4e1e89392de5cb405e7844cdc8b20fc2755dbaba"><code>4e1e893</code></a>
Merge <a
href="https://github.com/jaraco/skeleton">https://github.com/jaraco/skeleton</a></li>
<li><a
href="https://github.com/pypa/setuptools/commit/3a3144f0d2887fa37c06550f42a101e9eebd953a"><code>3a3144f</code></a>
Fix typo: <code>pyproject.license</code> -&gt;
<code>project.license</code> (<a
href="https://redirect.github.com/pypa/setuptools/issues/4931">#4931</a>)</li>
<li><a
href="https://github.com/pypa/setuptools/commit/d751068fd2627d6d8f1729e39cbcd8119049998f"><code>d751068</code></a>
Fix typo: pyproject.license -&gt; project.license</li>
<li>Additional commits viewable in <a
href="https://github.com/pypa/setuptools/compare/v70.0.0...v78.1.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=setuptools&package-manager=pip&previous-version=70.0.0&new-version=78.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/Ianyliu/blast-radius-fork/network/alerts).

</details>
@dependabot
Bump requests from 2.32.0 to 2.32.4
1ff00d1 
Bumps [requests](https://github.com/psf/requests) from 2.32.0 to 2.32.4.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.32.0...v2.32.4)

---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.32.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@Ianyliu
Bump requests from 2.32.0 to 2.32.4 (#64)
152898e 
Bumps [requests](https://github.com/psf/requests) from 2.32.0 to 2.32.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/psf/requests/releases">requests's
releases</a>.</em></p>
<blockquote>
<h2>v2.32.4</h2>
<h2>2.32.4 (2025-06-10)</h2>
<p><strong>Security</strong></p>
<ul>
<li>CVE-2024-47081 Fixed an issue where a maliciously crafted URL and
trusted
environment will retrieve credentials for the wrong hostname/machine
from a
netrc file. (<a
href="https://redirect.github.com/psf/requests/issues/6965">#6965</a>)</li>
</ul>
<p><strong>Improvements</strong></p>
<ul>
<li>Numerous documentation improvements</li>
</ul>
<p><strong>Deprecations</strong></p>
<ul>
<li>Added support for pypy 3.11 for Linux and macOS. (<a
href="https://redirect.github.com/psf/requests/issues/6926">#6926</a>)</li>
<li>Dropped support for pypy 3.9 following its end of support. (<a
href="https://redirect.github.com/psf/requests/issues/6926">#6926</a>)</li>
</ul>
<h2>v2.32.3</h2>
<h2>2.32.3 (2024-05-29)</h2>
<p><strong>Bugfixes</strong></p>
<ul>
<li>Fixed bug breaking the ability to specify custom SSLContexts in
sub-classes of
HTTPAdapter. (<a
href="https://redirect.github.com/psf/requests/issues/6716">#6716</a>)</li>
<li>Fixed issue where Requests started failing to run on Python versions
compiled
without the <code>ssl</code> module. (<a
href="https://redirect.github.com/psf/requests/issues/6724">#6724</a>)</li>
</ul>
<h2>v2.32.2</h2>
<h2>2.32.2 (2024-05-21)</h2>
<p><strong>Deprecations</strong></p>
<ul>
<li>
<p>To provide a more stable migration for custom HTTPAdapters impacted
by the CVE changes in 2.32.0, we've renamed <code>_get_connection</code>
to
a new public API, <code>get_connection_with_tls_context</code>. Existing
custom
HTTPAdapters will need to migrate their code to use this new API.
<code>get_connection</code> is considered deprecated in all versions of
Requests&gt;=2.32.0.</p>
<p>A minimal (2-line) example has been provided in the linked PR to ease
migration, but we strongly urge users to evaluate if their custom
adapter
is subject to the same issue described in CVE-2024-35195. (<a
href="https://redirect.github.com/psf/requests/issues/6710">#6710</a>)</p>
</li>
</ul>
<h2>v2.32.1</h2>
<h2>2.32.1 (2024-05-20)</h2>
<p><strong>Bugfixes</strong></p>
<ul>
<li>Add missing test certs to the sdist distributed on PyPI.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/psf/requests/blob/main/HISTORY.md">requests's
changelog</a>.</em></p>
<blockquote>
<h2>2.32.4 (2025-06-10)</h2>
<p><strong>Security</strong></p>
<ul>
<li>CVE-2024-47081 Fixed an issue where a maliciously crafted URL and
trusted
environment will retrieve credentials for the wrong hostname/machine
from a
netrc file.</li>
</ul>
<p><strong>Improvements</strong></p>
<ul>
<li>Numerous documentation improvements</li>
</ul>
<p><strong>Deprecations</strong></p>
<ul>
<li>Added support for pypy 3.11 for Linux and macOS.</li>
<li>Dropped support for pypy 3.9 following its end of support.</li>
</ul>
<h2>2.32.3 (2024-05-29)</h2>
<p><strong>Bugfixes</strong></p>
<ul>
<li>Fixed bug breaking the ability to specify custom SSLContexts in
sub-classes of
HTTPAdapter. (<a
href="https://redirect.github.com/psf/requests/issues/6716">#6716</a>)</li>
<li>Fixed issue where Requests started failing to run on Python versions
compiled
without the <code>ssl</code> module. (<a
href="https://redirect.github.com/psf/requests/issues/6724">#6724</a>)</li>
</ul>
<h2>2.32.2 (2024-05-21)</h2>
<p><strong>Deprecations</strong></p>
<ul>
<li>
<p>To provide a more stable migration for custom HTTPAdapters impacted
by the CVE changes in 2.32.0, we've renamed <code>_get_connection</code>
to
a new public API, <code>get_connection_with_tls_context</code>. Existing
custom
HTTPAdapters will need to migrate their code to use this new API.
<code>get_connection</code> is considered deprecated in all versions of
Requests&gt;=2.32.0.</p>
<p>A minimal (2-line) example has been provided in the linked PR to ease
migration, but we strongly urge users to evaluate if their custom
adapter
is subject to the same issue described in CVE-2024-35195. (<a
href="https://redirect.github.com/psf/requests/issues/6710">#6710</a>)</p>
</li>
</ul>
<h2>2.32.1 (2024-05-20)</h2>
<p><strong>Bugfixes</strong></p>
<ul>
<li>Add missing test certs to the sdist distributed on PyPI.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/psf/requests/commit/021dc729f0b71a3030cefdbec7fb57a0e80a6cfd"><code>021dc72</code></a>
Polish up release tooling for last manual release</li>
<li><a
href="https://github.com/psf/requests/commit/821770e822a20a21b207b3907ea83878bda1d396"><code>821770e</code></a>
Bump version and add release notes for v2.32.4</li>
<li><a
href="https://github.com/psf/requests/commit/59f8aa2adf1d3d06bcbf7ce6b13743a1639a5401"><code>59f8aa2</code></a>
Add netrc file search information to authentication documentation (<a
href="https://redirect.github.com/psf/requests/issues/6876">#6876</a>)</li>
<li><a
href="https://github.com/psf/requests/commit/5b4b64c3467fd7a3c03f91ee641aaa348b6bed3b"><code>5b4b64c</code></a>
Add more tests to prevent regression of CVE 2024 47081</li>
<li><a
href="https://github.com/psf/requests/commit/7bc45877a86192af77645e156eb3744f95b47dae"><code>7bc4587</code></a>
Add new test to check netrc auth leak (<a
href="https://redirect.github.com/psf/requests/issues/6962">#6962</a>)</li>
<li><a
href="https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef"><code>96ba401</code></a>
Only use hostname to do netrc lookup instead of netloc</li>
<li><a
href="https://github.com/psf/requests/commit/7341690e842a23cf18ded0abd9229765fa88c4e2"><code>7341690</code></a>
Merge pull request <a
href="https://redirect.github.com/psf/requests/issues/6951">#6951</a>
from tswast/patch-1</li>
<li><a
href="https://github.com/psf/requests/commit/6716d7c9f29df636643fa2489f98890216525cb0"><code>6716d7c</code></a>
remove links</li>
<li><a
href="https://github.com/psf/requests/commit/a7e1c745dc23c18e836febd672416ed0c5d8d8ae"><code>a7e1c74</code></a>
Update docs/conf.py</li>
<li><a
href="https://github.com/psf/requests/commit/c799b8167a13416833ad3b4f3298261a477e826f"><code>c799b81</code></a>
docs: fix dead links to kenreitz.org</li>
<li>Additional commits viewable in <a
href="https://github.com/psf/requests/compare/v2.32.0...v2.32.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=requests&package-manager=pip&previous-version=2.32.0&new-version=2.32.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/Ianyliu/blast-radius-fork/network/alerts).

</details>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@Ianyliu @rquadling @blentz @glasnt @dannyvolders @mediowen